Targeted Attack Campaign Uses Android Malware

Trailrunner7 writes "Android attacks have become all the rage in the last year or two, and targeted attacks against political activists in Tibet, Iran and other countries have been bubbling up to the surface more and more often. Now, those two trends have converged with the discovery of a targeted attack campaign that's going after Tibetan and Uyghur activists with a spear-phishing message containing a malicious APK file. Researchers say the attack appears to be coming from Chinese sources. The new campaign began a few days ago when unknown attackers were able to compromise the email account of a well-known Tibetan activist. The attackers then used that account to begin sending a series of spear-phishing messages to other activists in the victim's contact list. One of the messages referred to a human rights conference in Geneva in March, using the recipients' legitimate interest in the conference as bait to get them to open the attachment. The malicious attachment in the emails is named 'WUC's Conference.apk.'"

Re:Dealing with incompetent device owner

[Nerdfest]

... yeah, don't you need to buy a Mac as well? I think a check box in the settings works perfectly fine.

Re:Lol

[elashish14]

It's still no excuse. YOU DO NOT OPEN ATTACHMENTS THAT YOU ARE NOT EXPECTING. It doesn't matter who the source is. Anyone could get hacked. Even if the source is someone you trust, but the message seems out of the blue and not something you expect, you get back in touch with them and ask if they sent it. Just because the message seems authentic doesn't mean that it is. It's still your fault as the user for trusting something that you shouldn't.